CLAIMS 



1 1 . An apparatus comprising: 

2 at least one processor; 

3 a memory coupled to the at least one processor; 

4 a first user registry residing in the memory that contains a first user identity for a 

5 selected user; 

6 a second user registry residing in the memory that contains a second user identity 

7 for the selected user; and 

8 an identity mapping mechanism that provides a mapping between the first user 

9 identity and the second user identity. 

1 2. The apparatus of claim 1 wherein the first user registry comprises a user registry 

2 in a first processing environment. 

1 3 . The apparatus of claim 2 wherein the second user registry comprises a user 

2 registry in a second processing environment that is different than the first processing 

3 environment. 

1 4. The apparatus of claim 1 wherein the identity mapping mechanism comprises: 

2 a directory service that contains a plurality of user identity mappings that correlate 

3 the first user identity in the first registry to the second user identity in the second registry, 

4 and that references the first and second user registries; and 

5 schema for the directory service that specifies relationships between a plurality of 

6 entries in the directory service, where at least one entry includes the user identity 

7 mappings. 
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1 5. The apparatus of claim 4 wherein the directory service comprises Lightweight 

2 Directory Access Protocol (LDAP). 

1 6. The apparatus of claim 1 further comprising a global identifier residing in the 

2 memory that corresponds to the selected user, and wherein the mapping comprises a first 

3 correlation between the first user identity and the global identifier and a second 

4 correlation between the second user identity and the global identifier. 
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1 7. An apparatus comprising: 

2 at least one processor; 

3 a memory coupled to the at least one processor; 

4 a first user registry residing in the memory containing a first plurality of user 

5 identities; 

6 a second user registry residing in the memory containing a second plurality of user 

7 identities; 

8 a directory service that contains a plurality of user identity mappings that correlate 

9 a first user identity in the first user registry to a second user identity in the second user 

10 registry, and that references the first and second user registries; and 

1 1 schema for the directory service that specifies relationships between a plurality of 

12 entries in the directory service, where at least one entry includes the user identity 

13 mappings. 

1 8. The apparatus of claim 7 wherein the first user registry comprises a user registry 

2 in a first processing environment. 

1 9. The apparatus of claim 8 wherein the second user registry comprises a user 

2 registry in a second processing environment that is different than the first processing 

3 environment. 

1 10. The apparatus of claim 7 wherein the directory service comprises Lightweight 

2 Directory Access Protocol (LDAP). 
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1 11. The apparatus of claim 7 further comprising a global identifier residing in the 

2 memory that corresponds to the selected user, and wherein the mapping comprises a first 

3 correlation between the first user identity and the global identifier and a second 

4 correlation between the second user identity and the global identifier. 
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1 12. A networked computer system comprising : 

2 a network that interconnects a plurality of computer systems; 

3 a first computer system coupled to the network that includes a first user registry 

4 for a first processing environment that contains a first user identity for a selected user; 

5 a second computer system coupled to the network that includes a second user 

6 registry for a second processing environment that contains a second user identity for the 

7 selected user; and 

8 a mechanism coupled to the network that provides a mapping between the first 

9 user identity and the second user identity. 

1 13. The networked computer system of claim 12 wherein the first user registry 

2 comprises a user registry in a first processing environment. 

1 14. The networked computer system of claim 13 wherein the second user registry 

2 comprises a user registry in a second processing environment that is different than the 

3 first processing environment. 

1 15. The networked computer system of claim 12 further comprising a global identifier 

2 accessible via the network that corresponds to the selected user, and wherein the mapping 

3 comprises a first correlation between the first user identity and the global identifier and a 

4 second correlation between the second user identity and the global identifier. 
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1 16. A method for managing a plurality of user identities on a plurality of computer 

2 system coupled to a network, each user identity corresponding to a defined processing 

3 environment, the method comprising the steps of: 

4 providing an identity mapping mechanism that provides a mapping between a first 

5 user identity in a first user registry and a second user identity in a second user registry; 

6 and 

7 invoking the identity mapping mechanism to determine the mapping between the 

8 first user identity and the second user identity. 

1 17. The method of claim 1 6 wherein the identity mapping mechanism comprises: 

2 a directory service that contains a plurality of user identity mappings that correlate 

3 the first user identity in the first registry to the second user identity in the second registry, 

4 and that references the first and second user registries; and 

5 schema for the directory service that specifies relationships between a plurality of 

6 entries in the directory service, where at least one entry includes the user identity 

7 mappings. 

1 18. The method of claim 1 7 wherein the directory service comprises Lightweight 

2 Directory Access Protocol (LDAP). 
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1 19. A method for correlating a plurality of user identities on a plurality of computer 

2 systems coupled to a network, the method comprising the steps of: 

3 generating a global identifier corresponding to a user; 

4 mapping a first user identity in a first user registry to the global identifier; and 

5 mapping a second user identity in a second user registry to the global identifier. 
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1 20. A program product comprising: 

2 (A) an identity mapping mechanism that provides a mapping between: 

3 (Al ) a first user identity for a selected user residing in a first user registry; 

4 and 

5 (A2) a second user identity for the selected user residing in a second user 

6 registry; and 

7 (B) computer-readable signal bearing media bearing the identity mapping 

8 mechanism. 

1 21. The program product of claim 20 wherein the signal bearing media comprises 

2 recordable media. 

1 22. The program product of claim 20 wherein the signal bearing media comprises 

2 transmission media. 

1 23. The program product of claim 20 wherein the first user registry comprises a user 

2 registry in a first processing environment. 

1 24. The program product of claim 23 wherein the second user registry comprises a 

2 user registry in a second processing environment that is different than the first processing 

3 environment. 
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1 25. The program product of claim 20 wherein the identity mapping mechanism 

2 comprises: 

3 a directory service that contains a plurality of user identity mappings that correlate 

4 the first user identity in the first registry to the second user identity in the second registry, 

5 and that references the first and second user registries; and 

6 schema for the directory service that specifies relationships between a plurality of 

7 entries in the directory service,' where at least one entry includes the user identity 

8 mappings. 

1 26. The program product of claim 20 wherein the directory service comprises 

2 Lightweight Directory Access Protocol (LDAP). 

1 27. The program product of claim 20 wherein the identity mapping mechanism 

2 provides a mapping between the first user identity and the second user identity by creating 

3 a global identifier that corresponds to the selected user, and by generating a first 

4 correlation between the first user identity and the global identifier and a second 

5 correlation between the second user identity and the global identifier. 
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1 28. A program product comprising: 

2 (A) a directory service that contains a plurality of user identity mappings that 

3 correlate a first user identity in a first user registry to a second user identity in a second 

4 user registry, and that references the first and second user registries; and 

5 (B) schema for the directory service that specifies relationships between a 

6 plurality of entries in the directory service, where at least one entry includes the user 

7 identity mappings; and 

8 (C) computer-readable signal bearing media bearing the directory service and the 

9 schema. 

1 29. The program product of claim 28 wherein the signal bearing media comprises 

2 recordable media. 

1 30. The program product of claim 28 wherein the signal bearing media comprises 

2 transmission media. 

1 31. The program product of claim 28 wherein the first user registry comprises a user 

2 registry in a first processing environment. 

1 32. The program product of claim 3 1 wherein the second user registry comprises a 

2 user registry in a second processing environment that is different than the first processing 

3 environment. 

1 33. The program product of claim 28 wherein the directory service comprises 

2 Lightweight Directory Access Protocol (LDAP). 
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1 34. The program product of claim 28 wherein the plurality of user identity mappings 

2 each comprise a mapping between the first user identity and a global identifier that 

3 corresponds to the selected user, and a mapping between the global identifier and the 

4 second user identity. 
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